The ACH network facilitates a number of payment types, each with its own risks and dedicated detection methods, resulting in the need to process and monitor both incoming and outgoing NACHA files. One of the key risks to consider when processing outgoing ACH payments causing serious loss to bank customers is account takeover. Criminals use schemes like phishing, theft of credentials, malware, and social engineering to gain access to the systems of a bank’s business customer, ultimately leading to account takeover to initiate unauthorized ACH transactions.
A less intrusive, but increasingly common scheme in COVID times is executive impersonation fraud, or “CEO fraud,” where a fraudster sends a fake email with access to the company bank account to an employee. The email appears to come from an executive or key business relation requesting an urgent funds transfer. While financial institutions take measures to protect their payment systems and networks, it is much harder to prevent and detect account takeover on the customer side.
IT security and awareness differ per customer, and a weak link is easily found by a determined attacker. Strong authentication procedures and detection systems monitoring location, session, and device information form an important first layer of defense against account takeover, but they are not sufficient. A fraudulent transaction may be initiated by a malware-controlled system of the actual customer or properly authenticated by a misguided employee.
Automated fraud solutions can employ several methods on each outgoing ACH transfer to protect the customer and the institution against account takeover: